Protecting Your ICS/SCADA Environment

English: A basic SCADA animation for reference.

The mantra throughout FIRST was “sharing to win”, the concept of which echoes throughout security got me to thinking about information sharing in the ICS/SCADA security arena. Kyle Wilhoit developed a honeypot architecture that emulated several types of SCADA and ICS devices. These honeypots include vulnerabilities found in across similar or same systems to showcase a realistic environment.

Fortunately, there are some basic configurations considerations that can improve ICS/SCADA systems security which includes the following:

  • Disable Internet access to your trusted resources, if possible.
  • Ensure that your trusted resources have the latest updates and that new patches/fixes are monitored.
  • Use real-time anti-malware protection and real-time network scanning locally on trusted hosts and where applicable.
  • Require user name/password combinations for all systems, even those deemed “trustworthy.”
  • Set secure login credentials and do not rely on defaults.
  • Implement two-factor authentication on all trusted systems for any user account.
  • Disable remote protocols that are insecure.
  • Disable all protocols that communicate inbound to your trusted resources but are not critical to business functionality.
  • Utilize network segmentation to secure resources like VES systems, ICS, and SCADA devices. See a great write-up on network segmentation here.
  • Develop a threat modeling system for your organization. Understand who’s attacking you and why.

Protecting Your ICS/SCADA Environment | Security Intelligence Blog | Trend Micro.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s